Error 'account-arn-different-account' Observed When Configuring Flow logs From Amazon S3 in Prisma Cloud

Created On 07/28/22 20:14 PM - Last Modified 10/18/25 03:34 AM


Symptom


When configuring Flow logs from Amazon S3, validation fails with the error 'account-arn-different-account'.

Environment


  • Prisma Cloud 
  • Cloud Accounts
  • S3
  • AWS 


Cause


This error is observed when the 'External ID' does not match between Amazon S3 and Prisma Cloud.

Resolution


  1. Log into the Prisma Cloud Console.
  2. Go to Settings > Cloud Accounts, select the respective account, and click Edit.
  3. Go to Account Overview > Flow Logs (S3) > Configure.
  4. Under Logging Account Template, copy the 'External ID' and paste it into a notepad.
  5. Log into AWS and go to Identity and Access Management (IAM) > Access Management > Roles > Prisma-cloud-logging-rule > Trust Relationships > Edit trust policy.
  6. In edit mode, under 'Edit trust policy', make sure "sts:ExternalId" has the same 'External ID' that was copied in Step 4 from the Logging Account Template.
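The trust policy comparison in the last step can also be run against the role's trust policy JSON. The following is an added example, not part of the original article or any Palo Alto Networks code; the sample policy, account ID and External ID values are constructed placeholders.

```python
import json

# Constructed sample trust policy; the account ID and External ID are placeholders.
SAMPLE_TRUST_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "old-external-id-placeholder"}}
  }]
}
""")


def _as_list(value):
    """IAM accepts either a single value or a list in most policy fields."""
    return value if isinstance(value, list) else [value]


def external_ids(trust_policy):
    """Return every sts:ExternalId required by Allow / sts:AssumeRole statements."""
    found = []
    for stmt in _as_list(trust_policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if "sts:assumerole" not in actions:
            continue
        for key, value in stmt.get("Condition", {}).get("StringEquals", {}).items():
            if key.lower() == "sts:externalid":  # condition key names are case-insensitive
                found.extend(_as_list(value))
    return found


def check_external_id(trust_policy, expected):
    """Compare the policy against the External ID copied from Prisma Cloud."""
    ids = external_ids(trust_policy)
    if not ids:
        return "missing"  # no sts:ExternalId condition on any AssumeRole statement
    return "match" if expected in ids else "mismatch"
```

The role's policy JSON can be exported with `aws iam get-role --role-name Prisma-cloud-logging-rule --query Role.AssumeRolePolicyDocument` and passed through `json.loads` before calling `check_external_id`.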

